Security
Security
FFUF Web Fuzzing
Fast web fuzzer for discovering hidden content, directories, files, and vulnerabilities during penetration testing
computer-forensics
Digital forensics analysis and investigation techniques
file-deletion
Secure file deletion and data sanitization methods
metadata-extraction
Extract and analyze file metadata for forensic purposes
Codebase Auditor
Comprehensive codebase audit across 6 dimensions: architecture, code quality, security (OWASP Top 10), performance, testing coverage, and maintainability with prioritized action plan
Cybersecurity Skills
734+ structured cybersecurity skills mapped to MITRE ATT&CK framework for AI agents
Trail of Bits Security Research
45 security research and vulnerability detection skills from Trail of Bits
Azure Keyvault Certificates Rust
Azure Key Vault Certificates SDK for Rust. Use for creating, importing, and managing certificates. Triggers: "keyvault certificates rust", "CertificateClient rust", "create certificate rust", "import ...
Azure Keyvault Keys Rust
Azure Key Vault Keys SDK for Rust. Use for creating, managing, and using cryptographic keys. Triggers: "keyvault keys rust", "KeyClient rust", "create key rust", "encrypt rust", "sign rust".
Azure Keyvault Keys TS
Manage cryptographic keys using Azure Key Vault Keys SDK for JavaScript (@azure/keyvault-keys). Use when creating, encrypting/decrypting, signing, or rotating keys.
Azure Keyvault Secrets TS
Manage secrets using Azure Key Vault Secrets SDK for JavaScript (@azure/keyvault-secrets). Use when storing and retrieving application secrets or configuration values.
Azure Monitor Query Py
Azure Monitor Query SDK for Python. Use for querying Log Analytics workspaces and Azure Monitor metrics. Triggers: "azure-monitor-query", "LogsQueryClient", "MetricsQueryClient", "Log Analytics", "Kus...
Azure Search Documents TS
Build search applications using Azure AI Search SDK for JavaScript (@azure/search-documents). Use when creating/managing indexes, implementing vector/hybrid search, semantic ranking, or building ag...
Netlify Deploy
Deploy web projects to Netlify using the Netlify CLI (`npx netlify`). Use when the user asks to deploy, host, publish, or link a site/repo on Netlify, including preview and production deploys.
Slides
Create and edit presentation slide decks (`.pptx`) with PptxGenJS, bundled layout helpers, and render/validation utilities. Use when tasks involve building a new PowerPoint deck, recreating slides fro...
Agentic Actions Auditor
Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations including Claude Code Action, Gemini CLI, OpenAI Codex, and GitHub AI Inference. Detects attack vectors where atta...
Ahrefs Automation
Automate SEO research with Ahrefs -- analyze backlink profiles, research keywords, track domain metrics history, audit organic rankings, and perform batch URL analysis through the Composio Ahrefs inte...
Azure Appconfiguration Py
Azure App Configuration SDK for Python. Use for centralized configuration management, feature flags, and dynamic settings. Triggers: "azure-appconfiguration", "AzureAppConfigurationClient", "feature f...
Azure Communication Common Java
Azure Communication Services common utilities for Java. Use when working with CommunicationTokenCredential, user identifiers, token refresh, or shared authentication across ACS services.
Azure Eventhub Dotnet
Azure Event Hubs SDK for .NET. Use for high-throughput event streaming: sending events (EventHubProducerClient, EventHubBufferedProducerClient), receiving events (EventProcessorClient with checkpointi...
Azure Eventhub Py
Azure Event Hubs SDK for Python streaming. Use for high-throughput event ingestion, producers, consumers, and checkpointing. Triggers: "event hubs", "EventHubProducerClient", "EventHubConsumerClient",...
Azure Keyvault Py
Azure Key Vault SDK for Python. Use for secrets, keys, and certificates management with secure storage. Triggers: "key vault", "SecretClient", "KeyClient", "CertificateClient", "secrets", "encryption ...
Azure Keyvault Secrets Rust
Azure Key Vault Secrets SDK for Rust. Use for storing and retrieving secrets, passwords, and API keys. Triggers: "keyvault secrets rust", "SecretClient rust", "get secret rust", "set secret rust".
Azure Security Keyvault Keys Dotnet
Azure Key Vault Keys SDK for .NET. Client library for managing cryptographic keys in Azure Key Vault and Managed HSM. Use for key creation, rotation, encryption, decryption, signing, and verification....
Azure Security Keyvault Keys Java
Azure Key Vault Keys Java SDK for cryptographic key management. Use when creating, managing, or using RSA/EC keys, performing encrypt/decrypt/sign/verify operations, or working with HSM-backed keys.
Azure Security Keyvault Secrets Java
Azure Key Vault Secrets Java SDK for secret management. Use when storing, retrieving, or managing passwords, API keys, connection strings, or other sensitive configuration data.
Burpsuite Project Parser
Searches and explores Burp Suite project files (.burp) from the command line. Use when searching response headers or bodies with regex patterns, extracting security audit findings, dumping proxy histo...
Differential Review
Performs security-focused differential review of code changes (PRs, commits, diffs). Adapts analysis depth to codebase size, uses git history for context, calculates blast radius, checks test coverage...
Gh Address Comments
Help address review/issue comments on the open GitHub PR for the current branch using gh CLI; verify gh auth first and prompt the user to authenticate if not logged in.
LaunchDarkly Automation
Automate LaunchDarkly feature flag management -- list projects and environments, create and delete trigger workflows, and track code references via the Composio MCP integration.
Sample Skill
Text processor --- **name**: sample-text-processor **tier**: basic **category**: text processing **dependencies**: none (python standard library only) **author**: claude skills engineering.
Security Best Practices
Perform language and framework specific security best-practice reviews and suggest improvements. Trigger only when the user explicitly requests security best practices guidance, a security review/repo...
Semgrep
Run Semgrep static analysis scan on a codebase using parallel subagents. Supports two scan modes — "run all" (full ruleset coverage) and "important only" (high-confidence security vulnerabilities). Au...
Sharp Edges
Identifies error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes. Use when reviewing API designs, configuration schemas, cryptographic library ergonomics, or ev...
Spec To Code Compliance
Verifies code implements exactly what documentation specifies for blockchain audits. Use when comparing code against whitepapers, finding gaps between specs and implementation, or performing complianc...
Supply Chain Risk Auditor
Identifies dependencies at heightened risk of exploitation or takeover. Use when assessing supply chain attack surface, evaluating dependency health, or scoping security engagements.
Variant Analysis
Find similar vulnerabilities and bugs across codebases using pattern-based analysis. Use when hunting bug variants, building CodeQL/Semgrep queries, analyzing security vulnerabilities, or performing s...
Web Design Guidelines
Review UI code for Web Interface Guidelines compliance. Use when asked to \"review my UI\", \"check accessibility\", \"audit design\", \"review UX\", or \"check my site aga...
Zeroize Audit
Detects missing zeroization of sensitive data in source code and identifies zeroization removed by compiler optimizations, with assembly-level analysis, and control-flow verification. Use for auditing...
Audit Context Building
Enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability or bug finding.
All Security skills
showing 60 of 781【最高优先级】操作守卫。任何工具调用前必须先完成权限检查!AI 在执行任何非日常对话的操作前,必须先调用 permission-gate 验证权限。
Security audit, hardening, threat modeling (STRIDE/PASTA), Red/Blue Team, OWASP checks, code review,...
Use when you need to add or configure Maven plugins in your pom.xml — including quality tools (enfor...
Use when you need to apply Java secure coding best practices — including validating untrusted inputs...
HSM-backed secret management for AI agents — store, retrieve, rotate, and share secrets via the 1Cla...
This skill allows agents to securely access and manage secrets using the 1Password CLI (`op`) and a ...
This skill should be used when agents need to log into websites, retrieve passwords, or access crede...
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, si...
Securely inject secrets from 1Password into agent workflows. Uses service accounts with op run/.env....
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, si...
360-degree comprehensive security review Skill. Use before installing any Skill from ClawHub, GitHub...
Use when you need to design, review, or improve security in Quarkus applications — including Quarkus...
Use when you need to design, review, or improve security in Micronaut applications — including micro...
Zero-knowledge secrets management via PassBox — store, retrieve, rotate, and inject credentials secu...
Agent Attestation Protocol - The Reverse Turing Test. Verify AI agents, block humans.
Vulnerability and security scan (defensive, your own repo): dependency CVEs plus risky code patterns...
**Local-first security scanner for OpenClaw/ClawHub skills.**
Create forensically sound bit-for-bit disk images using dd and dcfldd while preserving evidence inte...
This skill should be used when the user asks to "attack Active Directory", "exploit AD", "Kerberoast...
Deep behavioral security audit for AI agent skills and MCP tools. Performs deterministic static anal...
Strict semantic firewall with Human-in-the-Loop execution authorization. Airgaps external data and e...
This skill bundle provides a reference implementation + packaging for the MVP offerings:
Prompt-injection and data-exfiltration screening for untrusted text. Use before summarizing web/emai...
AetherCore v3.3.4 - Security-focused final release. High-performance JSON optimization with universa...
AFL++ is a fork of AFL with better fuzzing performance and advanced features. Use for multi-core fuz...
Comprehensive AI safety and alignment audit framework for businesses deploying AI agents. Built arou...
Complete cybersecurity assessment, threat modeling, and hardening system. Use when conducting securi...
You are a cybersecurity risk assessment specialist. When the user needs a security audit, threat ass...
Structured incident response for business and IT teams. Guides you through detection, triage, contai...
Complete Site Reliability Engineering system — from SLO definition through incident response, chaos ...
Skills for age verification and age-appropriate content filtering.
Portable reputation system for agents v3 - Ed25519 signatures, input validation, handoff KV
Security scanner for OpenClaw skills. Detects prompt injection, credential leaks, unsafe code execut...
The ultimate security auditor for local AI agents. It performs real-time heuristic scanning of every...
Tamper-evident, hash-chained audit logging for AI agents. EU AI Act compliant.
AI compliance and policy engine — evaluate scan results against OWASP LLM Top 10, MITRE ATLAS, EU AI...
AI runtime security monitoring — context graph analysis, runtime audit log correlation with CVE find...
Security scanner for AI infrastructure — discovers MCP clients and servers, checks packages for CVEs...
Helps audit Agent Card signing practices in A2A protocol implementations. Identifies missing signatu...
This skill provides the security and networking foundation for AI Agent swarms. It handles DID (Dece...
Stop AI agents from secretly bypassing your rules. Mechanical enforcement with git hooks, secret det...
Test your agent's input sanitization against common injection attacks. Runs self-contained checks us...
Invisible privacy guardian for agent workspaces. Automatically intercepts outbound actions (git push...
Outbound safety for autonomous AI agents — scans YOUR output before it leaves the machine. Git pre-c...
エージェント向けプロンプト・インジェクション防御チェックリスト
Scans ERC-8004 agents for security vulnerabilities and generates comprehensive security reports.
Help AI agents recognize and respond to potentially malicious skill patterns from public registries....
AI Agent 技能安全扫描器 - 检测恶意技能、后门代码、权限滥用 (Beta 版本)
Security hardening for AI agents. Audit your workspace for leaked secrets, check file permissions, v...
Security self-assessment tool for AI agents. Run this against your own configuration to get a struct...
Static pre-install trust review for SKILL.md, OpenClaw, Hermes, MCP, and agent-skill marketplace pac...
Security audit and validation tools for the Agent Skills ecosystem. Scan skill packages for common v...
Automatic security gate that checks packages against a vulnerability database before installation. U...
AgentGate is a real-time policy enforcement layer that intercepts every tool call your OpenClaw agen...
**Skill Name:** `agent-security`
Secure credential proxy for AI agents. Make API calls through AgentKeys — real secrets never leave t...
**Purpose**: This guide helps AI assistants work with AgentPin for domain-anchored cryptographic age...
Generate AI agent security advisories with threat analysis, MITRE ATT&CK mapping, and remediation gu...
```yaml
AGNTCY Identity Issuer CLI and Node Backend for managing verifiable agent identities, metadata, and ...
Related Guides
If you are an AI agent
Query this directory over HTTP
This site is a searchable directory of harness components for AI coding agents. Fetch objective JSON — names, descriptions, stars, and source links. Installation and selection are yours to decide.
GET https://claudeskills.info/api/v1/search?q=ui%2Fux
GET https://claudeskills.info/api/v1/search?type=subagent&q=review
GET https://claudeskills.info/api/v1/meta
See https://claudeskills.info/llms.txt